Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/lOFOu6G_HjEJCpW9vHAPKzWWaX0.roa
File:                     lOFOu6G_HjEJCpW9vHAPKzWWaX0.roa (raw, json)
Hash identifier:          9Q71YCoPB0PhMWYknlfeISLnz+yECTOmjTnbj2Vby6E=
Subject key identifier:   94:E1:4E:BB:A1:BF:1E:31:09:0A:95:BD:BC:70:0F:2B:35:96:69:7D
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258EFF53898ECA7133BA3969227F6C8A
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/lOFOu6G_HjEJCpW9vHAPKzWWaX0.roa
Signing time:             Thu 02 Jan 2025 05:48:36 +0000
ROA not before:           Thu 02 Jan 2025 05:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57705
IP address blocks:        85.187.17.0/24 maxlen: 24
                          85.187.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ff:53:89:8e:ca:71:33:ba:39:69:22:7f:6c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94e14ebba1bf1e31090a95bdbc700f2b3596697d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:61:b3:66:31:af:fd:4f:f5:7d:31:a0:6f:b3:
                    a4:1d:b9:57:93:89:af:b5:e3:eb:e7:c3:38:71:c8:
                    8c:ab:1a:85:63:c5:22:71:72:81:83:3b:77:43:05:
                    29:35:bd:fa:ac:bb:8f:d1:87:2d:8d:a2:e4:16:74:
                    28:8f:56:cf:1d:68:3d:54:7c:49:c4:5e:10:26:db:
                    d2:89:ac:d5:46:38:ec:25:c8:4d:41:24:ce:99:47:
                    81:49:cc:a5:40:e0:48:35:76:bc:24:62:3f:ad:08:
                    92:24:2e:73:a4:a1:df:03:2c:ba:68:d1:71:3a:fb:
                    88:f4:de:ec:f7:2b:b8:c6:f1:79:d2:bb:17:d6:93:
                    97:6d:9c:8c:f3:d7:d0:f6:68:33:29:27:cf:69:8f:
                    ee:d3:39:33:9c:69:27:8f:ac:ef:f6:6f:7c:42:16:
                    2e:cc:5e:b3:2a:ce:0d:7c:7e:45:ff:1c:f4:ed:4a:
                    4f:17:a1:8d:01:b3:95:40:cf:0f:9c:c8:84:42:9a:
                    2f:d1:8c:a8:e8:36:a3:e8:1e:56:d9:06:c0:d9:2b:
                    61:2a:c4:b1:74:47:c6:df:e5:7c:8a:7d:90:48:66:
                    4b:10:14:2c:51:2b:bf:f4:64:06:2e:8b:c3:17:62:
                    f5:b7:3d:b2:6d:85:86:ea:f3:b4:dc:92:d6:fa:3e:
                    10:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:E1:4E:BB:A1:BF:1E:31:09:0A:95:BD:BC:70:0F:2B:35:96:69:7D
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/lOFOu6G_HjEJCpW9vHAPKzWWaX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.17.0/24
                  85.187.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:0b:15:c8:8d:0c:52:ee:ab:16:2c:bb:d1:e1:b5:48:44:d9:
         5d:7a:90:d3:53:31:dd:41:32:93:d9:dc:13:95:38:b5:44:03:
         92:3f:4a:71:f8:cb:0c:ee:7b:7d:d1:12:11:56:ca:7a:af:46:
         b9:93:53:8b:a1:02:f6:8c:9a:98:44:6a:1b:fe:74:5b:ba:2a:
         20:4c:c5:33:d1:cb:3b:06:ec:9c:de:40:da:cc:23:47:24:cd:
         22:71:c2:5f:3d:57:00:02:8a:18:21:fc:6d:83:fe:00:6a:d1:
         0c:dc:bb:4f:bd:42:89:fd:50:fd:0e:6b:f3:1c:f3:ef:6d:dc:
         d4:cc:a3:10:e6:cd:7e:67:3d:0d:4f:94:fe:f6:2c:70:bc:0c:
         dc:78:0e:d4:ee:37:e9:40:10:3d:c1:43:81:b2:9d:4c:f7:20:
         e3:6b:13:06:72:c8:a8:4b:0e:10:6f:8f:2b:9e:7b:5b:d2:66:
         b1:16:ab:4a:e3:75:a2:24:d5:21:a9:09:6e:e7:32:75:fb:6a:
         40:8f:17:a2:19:d6:07:2d:fd:9d:e0:c4:9e:a4:97:31:9b:1f:
         70:ac:02:45:ed:ad:1c:7c:90:27:7a:19:e1:99:17:b0:26:31:
         11:2b:a8:a3:20:83:48:76:59:da:c1:d2:57:fd:a4:94:b5:ef:
         fa:15:c4:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQljv9TiY7KcTO6OWkif2yKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGUxNGViYmExYmYxZTMxMDkwYTk1YmRiYzcwMGYyYjM1OTY2OTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mGzZjGv/U/1fTGgb7OkHblXk4mv
tePr58M4cciMqxqFY8UicXKBgzt3QwUpNb36rLuP0YctjaLkFnQoj1bPHWg9VHxJ
xF4QJtvSiazVRjjsJchNQSTOmUeBScylQOBINXa8JGI/rQiSJC5zpKHfAyy6aNFx
OvuI9N7s9yu4xvF50rsX1pOXbZyM89fQ9mgzKSfPaY/u0zkznGknj6zv9m98QhYu
zF6zKs4NfH5F/xz07UpPF6GNAbOVQM8PnMiEQpov0Yyo6Daj6B5W2QbA2SthKsSx
dEfG3+V8in2QSGZLEBQsUSu/9GQGLovDF2L1tz2ybYWG6vO03JLW+j4QRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJThTruhvx4xCQqVvbxwDys1lml9MB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvbE9GT3U2R19IakVKQ3BXOXZIQVBLeldXYVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVbsRAwQA
VbsrMA0GCSqGSIb3DQEBCwUAA4IBAQAACxXIjQxS7qsWLLvR4bVIRNldepDTUzHd
QTKT2dwTlTi1RAOSP0px+MsM7nt90RIRVsp6r0a5k1OLoQL2jJqYRGob/nRbuiog
TMUz0cs7Buyc3kDazCNHJM0iccJfPVcAAooYIfxtg/4AatEM3LtPvUKJ/VD9Dmvz
HPPvbdzUzKMQ5s1+Zz0NT5T+9ixwvAzceA7U7jfpQBA9wUOBsp1M9yDjaxMGcsio
Sw4Qb48rnntb0maxFqtK43WiJNUhqQlu5zJ1+2pAjxeiGdYHLf2d4MSepJcxmx9w
rAJF7a0cfJAnehnhmRewJjERK6ijIINIdlnawdJX/aSUte/6FcRF
-----END CERTIFICATE-----